package auth

import (
	"net/http"

	"github.com/gin-gonic/gin"

	"mxshop-api/shared/auth/token"
)

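// IsAdminUser returns a gin middleware that only lets a request continue when
// the claims stored in the context under the "claims" key carry the
// administrator role ID. Every other outcome aborts the handler chain.
//
// The middleware reads the claims but does not validate them. It must be
// registered after whatever middleware authenticates the request and stores
// the claims (presumably the JWT middleware; confirm against the router setup).
//
// Responses:
//   - 500 when no claims are present or they are not a token.Custom value.
//   - 403 when the claims carry a different role ID.
func IsAdminUser() gin.HandlerFunc {
	// adminRoleID is the only RoleID value allowed through.
	// NOTE(review): assumed to be the administrator role from the function
	// name; confirm against the role definitions used when tokens are issued.
	const adminRoleID = 2

	return func(c *gin.Context) {
		// 1. Fetch the claims placed in the context by an earlier middleware.
		clm, ok := c.Get("claims")
		if !ok {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"msg": "cannot get claims"})
			return
		}

		// 2. Checked type assertion: an unexpected value (for example a
		// pointer instead of a struct) must deny the request explicitly
		// rather than panic inside the authorization path.
		currentUser, ok := clm.(token.Custom)
		if !ok {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"msg": "cannot get claims"})
			return
		}

		// 3. Authorize: anything other than the admin role is rejected.
		if currentUser.RoleID != adminRoleID {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"msg": "no permission"})
			return
		}

		c.Next()
	}
}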
